 |
Stop me if you’ve heard this one.
Unfortunately, it is no joke. Every week, it seems, brings a fresh twist on the familiar tale of a virus that spreads itself through email and email attachments. First, the stories go, the recipient gets an email with a subject heading like, ‘Hello, again’, or ‘Here is the file you wanted’ or perhaps most effective of all, "I love you’. Then the trouble starts as programs stop working and data gets erased.
A short time ago, to start deleting files on a victim’s hard drive and mailing the virus to everyone in the victim’s address book, it was necessary to click on the attachment, typically disguised with an innocent-looking suffix like .doc for a document or .jpg for a photograph. Not any more. Now, some email attacks are sophisticated enough to start doing damage the instant the message is opened.
Email, of course, began life as a basic, text messaging system, with little or no vulnerability to virus attacks. Then users were encouraged to ‘attach’ documents of various kinds to their messages, and the first cracks began to appear in the structure. Through a combination of ‘social engineering’ and simple programming, hackers could use innocent-looking address lines to trick people into opening not-so-innocent attachments. In social engineering, nothing is sacred and having a sense of humor or simple curiosity can be fatal to a user’s data. After all, who doesn’t want to look at a holiday greeting card or look at pictures of an old friend?
The introduction of HTML formatting to emails made life even harder for systems administrations trying to protect their users, because vulnerabilities within Microsoft programs allowed hackers to put scripts inside the messages themselves, so even users who are wary of opening attachments could still get caught, simply by opening a message.
With many, if not most corporate email systems running on a Microsoft platform, most users are stuck with the Outlook program, and many home users may not even be aware that they have a choice of email programs, most of which are immune to many of the faults and failings of the Microsoft system. (One example of the benefits of using a different email program: if you don’t use Outlook, then a virus cannot replicate by mailing itself to everyone in an Outlook address book)
Microsoft is planning to make security a priority in its software. The company's chairman, Bill Gates, has told employees to tighten Microsoft products against virus and privacy vulnerabilities. Gates told his employees in an email that when they have a choice between adding features and guarding users, "to choose security."
Critics point out that there have been security flaws in Microsoft software for years and that Mr. Gates sudden conversion to security coincides nicely with his desire to see Microsoft dominate personal online commerce through the impending .Net initiative. Consumers who have been taught about the vulnerabilities of Microsoft software through Word-related incidents are hardly likely to trust the company with their online purchases without a major image makeover.
Microsoft may or may not shape up, but in the meantime, organizations that are open to email attack should keep their anti-virus systems up to date and their data backed up.
|
|
|
With many, if not most corporate email systems running on a Microsoft platform, most users are stuck with the Outlook program, and many home users may not even be aware that they have a choice of email programs, most of which are immune to many of the faults and failings of the Microsoft system.
|
|
|
